
List:       ms-cryptoapi
Subject:    Re: RE : CRT mode in OffloadModExpo
From:       John Banes <jbanes () WINDOWS ! MICROSOFT ! COM>
Date:       2003-02-19 4:06:51

There's no standard mechanism for this, so you probably have come up
with something on your own. If the cache is going to contain elements of
the private key, then I would recommend encrypting this when not in use.
You should validate the input parameters so that you don't bluescreen
the system. That sort of thing.

You can use critical sections and reference counting to make the cache
thread safe. Just be sure not to hold on to a critical section when
performing an operation that blocks or uses a bunch of CPU cycles, or
else your performance will suffer.

Best of luck,
John
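
A sketch of the cache pattern recommended in the reply above, added here as an example and not code from this thread or from Microsoft: the key structure is validated before use, entries are reference counted, and the constants are derived by the caller while the lock is released. Assumptions: a pthread mutex stands in for a Windows critical section so the block is portable, `OffloadKey` is a portable mirror of the quoted `OFFLOAD_PRIVATE_KEY`, the names `Entry`, `key_valid`, `cache_acquire`, `cache_release` and the limits `MAX_PRIME` and `SLOTS` are hypothetical, and encrypting idle entries is left out.

```c
#include <pthread.h>
#include <stdint.h>
#include <string.h>
/* Portable mirror of the OFFLOAD_PRIVATE_KEY layout quoted in this thread. */
typedef struct { uint32_t dwVersion, cbPrime1, cbPrime2;
                 const unsigned char *pbPrime1, *pbPrime2; } OffloadKey;
enum { CUR_OFFLOAD_VERSION = 1, MAX_PRIME = 256, SLOTS = 4 }; /* limits are assumed */
/* crt: values derived from p and q only (e.g. q^-1 mod p); cb == 0 marks a free slot. */
typedef struct { int refs; uint32_t cb; unsigned char p[MAX_PRIME], crt[MAX_PRIME]; } Entry;
static Entry cache[SLOTS];
static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER; /* CRITICAL_SECTION stand-in */

/* Check every field before any pointer in the structure is dereferenced. */
int key_valid(const OffloadKey *k) {
    return k && k->dwVersion == CUR_OFFLOAD_VERSION && k->pbPrime1 && k->pbPrime2 &&
           k->cbPrime1 >= 1 && k->cbPrime1 <= MAX_PRIME &&
           k->cbPrime2 >= 1 && k->cbPrime2 <= MAX_PRIME;
}

static Entry *lookup(const OffloadKey *k, Entry **slot) {  /* caller holds the lock */
    *slot = NULL;
    for (Entry *e = cache; e < cache + SLOTS; e++) {
        if (e->cb == k->cbPrime1 && !memcmp(e->p, k->pbPrime1, e->cb)) return e;
        if (!e->refs && (!*slot || ((*slot)->cb && !e->cb))) *slot = e; /* prefer free */
    }
    return NULL;
}

/* crt == NULL: lookup only. Otherwise publish constants the caller derived with the
 * lock released. Returns a referenced entry, or NULL (miss, bad key, or cache busy). */
Entry *cache_acquire(const OffloadKey *k, const unsigned char crt[MAX_PRIME]) {
    Entry *e, *slot;
    if (!key_valid(k)) return NULL;
    pthread_mutex_lock(&lock);
    e = lookup(k, &slot);
    if (!e && crt && (e = slot)) {           /* miss: reuse a free or idle slot */
        *e = (Entry){ .cb = k->cbPrime1 };   /* overwrites the evicted key */
        memcpy(e->p, k->pbPrime1, e->cb);
        memcpy(e->crt, crt, MAX_PRIME);
    }
    if (e) e->refs++;                        /* entries in use are never evicted */
    pthread_mutex_unlock(&lock);
    return e;
}

void cache_release(Entry *e) {
    pthread_mutex_lock(&lock);
    e->refs--;
    pthread_mutex_unlock(&lock);
}
```

A caller tries `cache_acquire(key, NULL)` first; on a miss it derives the constants with no lock held and calls `cache_acquire(key, crt)`, which returns the existing entry if another thread published the same key in the meantime.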

-----Original Message-----
From: Vitali [mailto:vitali@CIPHERACTIVE.COM] 
Sent: Tuesday, February 18, 2003 3:43 AM
To: CryptoAPI@DISCUSS.MICROSOFT.COM
Subject: Re: RE : CRT mode in OffloadModExpo


Hi,

Thank you for the exhaustive answer, it REALLY helped to solve lots of
questions I had.

You write "The offload module may want to maintain a small cache...",
well yes, it does want ;-) very much... But how can I do it? Is there a
mechanism for managing such a cache? I mean without making security
holes, and thread safe.


--
Best regards,
 Vitali                            mailto:vitali@cipheractive.com

Sunday, February 16, 2003, 10:54:38 PM, you wrote:

JB> From looking at the code, it appears that a pointer to an 
JB> OFFLOAD_PRIVATE_KEY structure is passed in parameter 7 of the 
JB> offload function. Using this information allows the offload module 
JB> to easily compute the CRT constants. The offload module may want to 
JB> maintain a small cache, so that it doesn't have to compute these
JB> constants for every private key operation.

JB> I think that this pointer is only provided on WinXP and Windows 
JB> Server 2003, and only when a private key operation is being 
JB> performed. It looks like this parameter is NULL when a public key 
JB> operation is being performed.

JB> Note that with a bit of work, it's possible for an offload module to
JB> compute the CRT constants even without this structure. This may be
JB> something that you want to investigate when running on Win2K. I've 
JB> heard that a couple of the more mathematically inclined hardware 
JB> vendors have managed to get this to work. I have a description of 
JB> the algorithm lying around somewhere, I think. I'll post it to the
JB> list later on if I can find it.

JB> It appears that the OFFLOAD_PRIVATE_KEY structure is not documented 
JB> in MSDN. I'll see if I can get this fixed.

JB> //
JB> // Exponentiation Offload Entry Point Prototype
JB> //

JB> typedef struct _OFFLOAD_PRIVATE_KEY
JB> {
JB>     DWORD dwVersion;
JB>     DWORD cbPrime1;
JB>     DWORD cbPrime2;
JB>     PBYTE pbPrime1;             // "p"
JB>     PBYTE pbPrime2;             // "q"
JB> } OFFLOAD_PRIVATE_KEY, *POFFLOAD_PRIVATE_KEY;

JB> #define CUR_OFFLOAD_VERSION             1

JB> typedef BOOL (WINAPI *PFN_OFFLOAD_MOD_EXPO)(
JB>     IN              PBYTE pbBase,
JB>     IN              PBYTE pbExponent,
JB>     IN              DWORD cbExponent,
JB>     IN              PBYTE pbModulus,
JB>     IN              DWORD cbModulus,
JB>     OUT             PBYTE pbResult,
JB>     IN  OPTIONAL    PVOID pvOffloadPrivateKey,
JB>     IN              DWORD dwFlags);

JB> Regards,
JB> John

JB> -----Original Message-----
JB> From: AUCOUTURIER Sebastien 
JB> [mailto:sebastien.aucouturier@ZENCOD.COM]
JB> Sent: Thursday, February 13, 2003 1:50 AM
JB> To: CryptoAPI@DISCUSS.MICROSOFT.COM
JB> Subject: RE : CRT mode in OffloadModExpo


>>>The question:
>>>Is there a way to tell Windows to work in CRT mode when using the
>>>Offload feature?

JB> Under W2k, I think the response is NO.
JB> But on platforms since XP, I think yes... but nothing is documented!
JB> :-( Can someone help us?

JB> ----------------------------------------------------------------
JB> Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
JB> contains important info. Save time, search the archives at 
JB> http://discuss.microsoft.com/archives/index.html . To unsubscribe, 
JB> mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM
